Cadoles/hydra-sql
22
0
Fork 0
Code Issues 4 Pull Requests 2 Projects Releases Wiki Activity

issue-21: actualisation de l'env de dev et maj dépendances
Some checks reported warnings
Cadoles/hydra-sql/pipeline/head This commit is unstable
Details
Cadoles/hydra-sql/pipeline/pr-develop This commit is unstable
Details

Browse Source
This commit is contained in:
Valentin Carroy
2023-12-13 15:41:54 +01:00
parent 72e912facb
commit 341a1ecd87
8 changed files with 3438 additions and 8768 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/Security/Hasher/PasswordEncoder.php
View File

@ -46,20 +46,20 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
$completedPassword = $this->getPasswordToHash($plainPassword, $salt);
foreach ($this->hashAlgoLegacy as $algo) {
if ('ssha' === $algo && $this->compareSsha($hashedPassword, $completedPassword)) {
if (str_starts_with($hashedPassword, '{SSHA}') && $this->compareSsha($hashedPassword, $plainPassword)) {
return true;
}
if (password_verify($completedPassword, $hashedPassword)) {
return true;
}
foreach(hash_algos() as $algo) {
if (hash_equals($hashedPassword, hash($algo, $completedPassword))) {
return true;
}
if ($this->isObsoleteAlgo($algo)) {
if (hash_equals(hash($algo, $completedPassword), $hashedPassword)) {
return true;
}
} else {
if (password_verify($completedPassword, $hashedPassword)) {
return true;
}
}
}
throw new InvalidSQLPasswordException();
}